security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

7964 Commits

Author SHA1 Message Date
remotephone ffde8b0208 Update to handle different file locations 2020-10-16 21:54:41 -05:00
tas_kmanager e955d38f0a [OSCD] Always Install Elevated Alternative 
Page 48 from #574

Alternative to #1195 because it is on the unsupported folder. Following suggestion from @yugoslavskiy - #574 (comment)
 2020-10-16 21:35:53 -04:00
Mikhail Larin 29f2f1acfe added fish to macos rule 2020-10-17 02:37:21 +03:00
Mikhail Larin 65854752a9 additional shells for both rules fix 2020-10-17 02:33:32 +03:00
Mikhail Larin fb3bee0cad title fix 2020-10-17 02:17:40 +03:00
Mikhail Larin 9b568df527 Lin/Mac T1552.003 2020-10-17 02:06:01 +03:00
Alexander Akhremchik 451187bfbd fixed title capitalization 2020-10-17 01:26:02 +03:00
Alexander Akhremchik 860dc24e4b add zerologon rule 2020-10-17 01:13:57 +03:00
Alexander Akhremchik dbb18b89dc add zerologon rule 2020-10-17 01:11:31 +03:00
Alexey Lednyov 761bebfece Fix title 2020-10-17 01:10:47 +03:00
Alexey Lednyov 69bde540c7 Added a rule to detect the use windows telemetry mechanism for persistence 2020-10-17 00:48:14 +03:00
Ömer Günal 26bb43eaf6 Update lnx_system_info_discovery.yml 2020-10-16 23:00:44 +03:00
Ömer Günal a01c04018c Update lnx_password_policy_discovery.yml 2020-10-16 22:52:15 +03:00
Ömer Günal bf12c73118 Update at_command.yml 2020-10-16 22:49:40 +03:00
Craig Young 192bca814b Remove all modifier 2020-10-16 15:46:51 -04:00
Roberto Rodriguez 4f039c7945 Merge branch 'master' of https://github.com/Neo23x0/sigma 2020-10-16 14:45:13 -04:00
Ömer Günal 723df2f15b Update lnx_system_info_discovery.yml 2020-10-16 21:08:01 +03:00
Vasiliy Burov cc3674bd12 Create win_susp_multiple_files_renamed.yml 
It is not the task of the OSCD sprint#2 but I decide to include this rule here :-)
 2020-10-16 21:03:11 +03:00
Craig Young 85e3099297 Added LOLBAS URL 2020-10-16 13:58:59 -04:00
Craig Young e9953b5a82 Utilize Image|endswith for efficiency 
Rather than searching all command lines, it is more efficient to consider first the Image name.
 2020-10-16 13:56:41 -04:00
Ömer Günal f7fbfda794 Update lnx_system_info_discovery.yml 2020-10-16 20:53:00 +03:00
Craig Young 6e2b899128 Adding oscd.community to authors 2020-10-16 13:51:02 -04:00
Nikita P. Nazarov 30ce1ff268 Detected Windows Software Discovery 2020-10-16 20:44:08 +03:00
Ömer Günal 2fa7008363 change reference 2020-10-16 20:42:12 +03:00
Ömer Günal bca3c80f43 Update lnx_clear_logs.yml 2020-10-16 20:39:26 +03:00
Jonhnathan 89bbee6594 Update win_susp_service_dacl_modification.yml 2020-10-16 11:57:54 -03:00
Jonhnathan 3f23aa56c0 Revert "Revert "Changed the rule to download only and not the copy"" 
This reverts commit 17e7eee3a6.
 2020-10-16 11:05:51 -03:00
Jonhnathan 0734274dfa Revert "Revert "Create win_susp_replace_lolbin.yml"" 
This reverts commit fdd9234acc.
 2020-10-16 11:05:40 -03:00
Jonhnathan eee2ace2c6 Revert "Revert "Changed the rule to download only and not the copy"" 
This reverts commit b0ddaf5ac9.
 2020-10-16 11:05:03 -03:00
Jonhnathan ec32341e89 Revert "Revert "Create win_susp_replace_lolbin.yml"" 
This reverts commit 1979906bae.
 2020-10-16 11:04:55 -03:00
Jonhnathan 23e956dcce Merge branch 'oscd5' of https://github.com/w0rk3r/sigma into oscd5 2020-10-16 11:03:21 -03:00
Jonhnathan b190c1dbba Revert "Revert "Changed the rule to download only and not the copy"" 
This reverts commit 5e9c80c8b1.
 2020-10-16 11:03:18 -03:00
Jonhnathan b4663a1535 Revert "Revert "Create win_susp_replace_lolbin.yml"" 
This reverts commit e47bee2d4e.
 2020-10-16 11:03:10 -03:00
tas_kmanager c4ddd56931 Update sysmon_always_install_elevated_msi_spawned_cmd_and_powershell.yml 2020-10-16 09:30:20 -04:00
tas_kmanager 832c1d4b1a Update sysmon_always_install_elevated_msi_spawned_cmd_and_powershell_spawned_processes.yml 2020-10-16 08:59:07 -04:00
Jonhnathan 2f7b44964c Create win_susp_service_dacl_modification.yml 2020-10-16 09:30:09 -03:00
Jonhnathan e47bee2d4e Revert "Create win_susp_replace_lolbin.yml" 
This reverts commit e6a6549676.
 2020-10-16 09:10:48 -03:00
Jonhnathan 5e9c80c8b1 Revert "Changed the rule to download only and not the copy" 
This reverts commit 1324bc1ad1.
 2020-10-16 09:10:45 -03:00
Jonhnathan 9a5c166bb2 Fix filter 2020-10-16 07:35:59 -03:00
unclep@sk aa2cd4bdce The author field escape char fixed 2020-10-16 13:02:40 +03:00
unclep@sk 27bbbf3398 The author field escape char fixed 2020-10-16 12:51:59 +03:00
unclep@sk dc554af970 The author field and FP filter fix applied 2020-10-16 12:49:27 +03:00
unclep@sk 94f60acb7f The author field escape char fixed 2020-10-16 12:09:46 +03:00
Florian Roth 48f1be04d4 fix: ping hex ip rule 2020-10-16 10:06:24 +02:00
Ömer Günal 5c34e69fc9 Update lnx_process_discovery.yml 2020-10-16 10:58:51 +03:00
Ömer Günal 0b30835b7b Update at_command.yml 2020-10-16 10:56:06 +03:00
Ömer Günal 373c637e66 Update lnx_install_root_certificate.yml 2020-10-16 10:55:31 +03:00
Ömer Günal 27dcad8ffe Update lnx_process_discovery.yml 2020-10-16 10:52:54 +03:00
Ömer Günal 68e843f0d3 Update lnx_system_info_discovery.yml 2020-10-16 10:48:36 +03:00
Ivan Dyachkov a51eec1a79 fixed image and commandline search 2020-10-16 10:44:59 +03:00